DataBreachToday.com

Researchers Say Nation-State Actors Are Evolving Persistence Techniques
An apparent Chinese nation-state hacking group gussied up its tooling with new modular functionality, say security researchers who observed a cyberespionage campaign affecting Asia-Pacific governments. The activity resembles attack patterns of the threat actor tracked as Mustang Panda

Reports: Trump Administration Approval of Nvidia H200 Sales Poses Frontier AI Risks
Trump administration discussions on AI governance with China are colliding with reports that Washington may permit expanded Nvidia H200 chip sales to Chinese firms, fueling concerns that U.S. technology access could accelerate Beijing's frontier AI and military-linked ambitions.

Will Regulators Make the May Deadline, and What Changes Will Make the Cut?
Federal regulators are scheduled to issue a rule this month finalizing a proposed massive overhaul of the 23-year-old HIPAA Security Rule. Will the Department of Health and Human Services make the deadline, and what should HIPAA regulated organization expect?

Economist Enterprise Research Reveals the Gap Between AI Optimism and Real Returns
Four out of five executives say their AI programs are beating expectations, but fewer than half track whether that's true. New Economist Enterprise research exposes where enterprise AI efforts stall and what separates firms generating real returns from those still in pilots.

Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator Jailed
This week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop reported breaches. Patch Tuesday. A dark market operator sentenced and pro-Ukraine and Iranian-linked hacking. Nitrogen ransomware attack on Foxconn.

Akamai Says Startup LayerX's Browser Telemetry Will Strengthen Access Decisions
Akamai said its proposed $205 million acquisition of LayerX will add enterprise browser security and AI usage controls to its zero trust portfolio as enterprises grapple with generative AI data exposure, autonomous AI agents and growing demand for browser-level visibility.

Hackers Constantly Break 'Confirmation of Data Destruction' Promises
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Proposed Bill Could Reopen Debate Over Computer Misuse Act Protections
The British government has announced plans to update cybersecurity legislation aimed at strengthening the country's digital defenses - while overhauling outdated cybercrime authorities that officials and security researchers warn are no longer fit for modern threats

Forrester's Allie Mellen on Preparing for a Mythos-Level Surge in Vulnerabilities
AI is simultaneously the biggest threat to financial system security and the most powerful tool for defending it. The IMF is sounding the alarm on systemic risk. Forrester principal analyst Allie Mellen breaks down what that means for CISOs and security teams at financial institutions.

Exaforce Says AI Agents Need Contextualized Telemetry to Avoid Bad Decisions
Agentic security operations startup Exaforce raised $125 million in Series B financing to expand an AI security operations platform that continuously contextualizes enterprise telemetry, as CEO Ankur Singla says autonomous defense systems need high-quality data to make real-time decisions.

Russian Hybrid Warfare Illuminates Debate Over Defending Cyber Poor Operators
A spate of pro-Russian hacktivists attacks against Polish water facilities have illuminated a debate about the best way to defend water utilities and other critical service providers below the cyber poverty line, meaning they face a threat that they cannot afford to defend against.

Josephine Wolff on Why Healthcare Must Scrutinize Cyber and AI Coverage
Healthcare organizations face growing pressure to reassess cyber insurance policies as cyberattacks disrupt patient care and AI tools introduce new liability risks. Josephine Wolff of Tufts University discusses how exclusions, compliance demands and AI-related uncertainty shape insurance decisions.

Frame's AI Models Build Contextualized Security Lessons Automatically in Minutes
Frame Security, founded by former Wiz product and sales leader Tal Shlomo, emerged from stealth with $50 million to build AI-generated cyber training and simulations designed to prepare employees for phishing, deepfakes, voice cloning and other personalized social engineering attacks.

Agency Grants Routers a 18-Month Reprieve From Obsolesce
The U.S. Federal Communications Commission extended through Jan. 1, 2029, a waiver allowing foreign-made routers already approved for use in the United States to continue receiving updates. The agency earlier this year instituted a ban on foreign-made consumer routers, citing national security concerns.

Kernel Privilege Escalation Has One Linux Maintainer Contemplating a 'Kill Switch'
Back-to-back kernel vulnerabilities in Linux has defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nascent flaws. "Dirty Frag" and "Copy Fail" kernel privilege escalation vulnerabilities became public knowledge within two weeks of each other.

Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly Exploits
AI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediation workflows haven't kept pace. Security teams need real-time intelligence, unified IT and security operations, and automated remediation to close the gap before attackers do.